(54) Adaptable security mechanism for preventing unauthorized access of digital data



(57) Content such as computer software, data representing audiovisual works, and electronic documents can be converted from a machine-bound state to a user-bound state without modification to the content data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding. A machine-bound passport can be upgraded to a user-bound passport without modifying the bound content. The private key of the machine-bound passport, in cleartext form, is included in the user-bound passport and encrypted using a user-supplied password to bind the private key to the user. In addition, private user information is collected and verified and included in the user-bound passport. Upgrading a machine-bound passport can be initiated automatically upon detection that an attempt is made to play back machine-bound content on a machine other than the one to which the content is bound.
Description

FIELD OF THE INVENTION 

[0001] The present invention relates to systems for restricting unauthorized access to digital data and, in particular, to a mechanism for limiting access to such digital data to either a particular machine or a particular user and to a mechanism for converting limited access from a particular machine to a particular user.

BACKGROUND OF THE INVENTION 

[0002] Protection of digital data from unauthorized access has been a primary concern of software vendors from the time software vendors first began delivering computer software on portable data storage media. Such protection has taken on new significance since other forms of digital data are now also transported on portable data storage media. For example, current personal computers read and write data storage media that is also used for ubiquitous audiovisual entertainment such as audio compact discs (CDs) and digital video discs (DVDs). Thus, common personal computers are capable of replicating very valuable data such that exact copies of the original data can easily be distributed to acquaintances.

[0003] One recent development has greatly expanded the threat to the commercial value of easily copyable digital data: the Internet. Now, individuals can, and frequently do, post valuable digital data for free copying by millions of people. Such posting represents a catastrophic failure of any attempts to prevent unauthorized copying.

[0004] One early attempt at preventing unauthorized copying of software was to require a hardware device to be attached to a computer for the software to execute. Such devices were commonly referred to as "dongles." A dongle either included identification data checked by the software prior to execution or included encryption data and/or logic to decrypt software prior to execution. Dongles were typically externally attachable such that software could be transferred to another computer by attaching the dongle to the other computer.
[0005] Dongles never realized much success in the marketplace. One reason is that multiple software products can be installed in each computer. As a result, many dongles would have to be attached to each computer. Another reason is that adding a new hardware device to a computer could have unintended results, interfering with the normal operation of the computer. A third reason is that many people have multiple computers and moving one of multiple dongles from one computer to another on a regular basis was a significant inconvenience. In general, users preferred not to attach new hardware to their computers to run software if a competing software vendor did not require such additional hardware.



[0006] Machine binding, for example, by use of dongles, is generally unacceptable to people purchasing audiovisual content rather than computer software. Perhaps as a result of the portable nature of historical distribution media of audiovisual content (e.g., vinyl albums, audio CDs, video tape, DVDs, etc.), the consuming public seems to expect that audiovisual content is permitted to be played on any devices owned by the purchaser. For example, a purchaser of a video cassette tape of a particular movie expects to be able to view the movie on any video cassette player of a compatible format. Thus, strict machine binding of audiovisual content is generally unacceptable to the consuming public.
[0007] Another mechanism by which software vendors attempt to thwart unauthorized copying of software is binding the software to a specific user. For example, successful execution of the software can be made contingent upon entering a password by the specific user. Such generally provides insufficient security since the user can communicate the password to a friend or associate along with an unauthorized copy of the software. In addition, requiring a user to remember passwords for each software product and/or each audiovisual work accessed by the user represents a considerable inconvenience to the user.

[0008] In general, it should be remembered that copy protection benefits the vendor of digital data, e.g., software and/or audiovisual works, and does not benefit the purchaser. Accordingly, purchasers of such digital data have a relatively low tolerance for inconvenience. As a result, the consuming public tends to purchase data from vendors employing less copy protection.
[0009] What is needed is a mechanism by which copyrightable content of digital storage media is protected against unauthorized copying while affording the owner of such digital storage media reasonable, unimpeded convenience of use and enjoyment of the content.

SUMMARY OF THE INVENTION 

[0010] In accordance with the present invention, content can be converted from a machine-bound state to a user-bound state without modification to the data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding.

[0011] In the machine-binding, the passport contains a private key and a certificate that includes a public key which is the reciprocal of the private key. The private key is encrypted using a hardware identifier specific to the computer system to which the passport is bound. The hardware identifier is specific to one or more hardware devices and is preferably unique with respect to computer systems capable of accessing the content intended to be bound. The public key is used to encrypt a master key with which the content is encrypted and to create therefrom a media key which is included with the content along with the certificate of the machine-bound passport. As a result, the private key is required to decrypt the media key and to recover the master key and therefore to decrypt the content. By encrypting the private key with the hardware identifier of a particular computer system, the content is effectively bound to that computer system since the hardware identifier of that computer is required to recover the master key.
[0012] In user-binding, the passport also contains a private key and a certificate that includes a public key which is the reciprocal of the private key. The user-bound passport secures the private key in largely the same manner as does a machine-bound passport except that the user-bound passport encrypts the private key with a user-supplied password. Accordingly, the password is required to decrypt the private key, which in turn is required to decrypt the master key from the media key, and the master key is required to decrypt the content. By requiring the password, the content is bound to the user in possession of the password.
[0013] Since copy protection benefits the owner of copyrights and inconveniences the consumer of copyrighted works, a disincentive to sharing one's password is included in the user-bound passport. Specifically, the user-bound passport includes information which is expected to be carefully guarded by the user. For example, the user-passport can include credit card information of the user sufficient to charge funds to the credit card, e.g., credit card number, expiration, and cardholder name. A billing address can also be included. During playback of content, the private user information is displayed. Therefore, sharing one's passport includes sharing one's credit.

[0014] The user is provided with the option to have either a machine-bound passport or a user-bound passport. The machine-bound passport is more limited since content can only be played back on a specific machine. Such would be suitable for a person having access to only a single computer or for a person who is generally unsure of the entire process of purchasing copyrighted works through a computer network. The user-bound passport is less limited and can be moved from computer system to computer system. However, the user-bound passport requires that the user provide more sensitive, private information. It is expected that new users will opt for the machine-bound passport and will later wish to upgrade to the user-bound passport. Such can be required, for example, if the user sells or modifies the computer system to which the content is already bound.
[0015] A machine-bound passport can be upgraded to a user-bound passport without modifying the bound content. In particular, the original private and public keys of the machine-bound passport are used in a newly created user-passport such that re-encryption of the content is not required. Specifically, the private key of the machine-bound passport, in cleartext form, is included in the user-bound passport and encrypted using a user-supplied password to bind the private key to the user. In addition, private user information is collected and verified and included in the user-bound passport. Thus, the user-supplied password decrypts the private key to provide the same cleartext private key that results from decrypting the private key of the machine-bound passport using the hardware identifier. Accordingly, the previously machine-bound content can now be decrypted using the user-bound passport. In addition, since the user-bound passport is not bound to any particular hardware identifier, the content and the user-bound passport can be moved from computer system to computer system and can be played back with only the effort required to enter the user's password and to view the user's private information.

[0016] In addition, upgrading a machine-bound passport can be initiated automatically upon detection that an attempt is made to play back machine-bound content on a machine other than the one to which the content is bound.

[0017] On occasion, a user might have multiple passports. Some content may have been bound to a machine-bound passport and other content may have been subsequently bound to a user-bound passport. Upgrading of the machine-bound content involves adding the previously machine-bound keys to the user-bound passport such that the passport now contains multiple sets of keys. As a result, the same passport can be used to play back content acquired under two separate passports.
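As an added illustration (not the patent's own code) of the key hierarchy of [0011]-[0012], the upgrade of [0015] and the password-to-registration-key chain of [0044]: the passport private key is wrapped under a key derived from the hardware identifier or the password, the master key is wrapped for the passport as the media key, and upgrading re-wraps only the private key while the content and media key are untouched. All function names, parameters and sample values are constructed. Two stand-ins are assumed: a symmetric wrap under the passport private key in place of RSA encryption under the public key, and an HMAC under a server key in place of the authentication server's signature over the passport.

```python
import hashlib
import hmac
import json
import os

PBKDF2_ITERS = 50_000  # constructed parameter; the patent names no KDF


def _kdf(secret: bytes, salt: bytes) -> bytes:
    """Key-encrypting key derived from a hardware identifier or a user password."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ITERS)


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode SHA-256 keystream XOR; stands in for the DES/RC4 of [0029]."""
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                      for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, stream))


def wrap(key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC, so a wrong key is reported instead of yielding garbage."""
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return {"nonce": nonce, "ct": ct, "tag": hmac.new(key, nonce + ct, "sha256").digest()}


def unwrap(key: bytes, blob: dict) -> bytes:
    expected = hmac.new(key, blob["nonce"] + blob["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong key or tampered data")
    return _xor_stream(key, blob["nonce"], blob["ct"])


def _sign(server_key: bytes, info: dict) -> bytes:
    """Fields 2206/2208 of [0038]; an HMAC stands in for the server's signature."""
    canon = json.dumps(info, sort_keys=True, default=lambda b: b.hex()).encode()
    return hmac.new(server_key, canon, "sha256").digest()


def verify_passport(passport: dict, server_key: bytes) -> bool:
    return hmac.compare_digest(passport["signature"], _sign(server_key, passport["info"]))


def issue_machine_passport(hardware_id: bytes, server_key: bytes) -> dict:
    """[0011]: the private key is encrypted under the hardware identifier of one machine."""
    private_key, salt = os.urandom(32), os.urandom(16)
    info = {"binding": "machine", "salt": salt,
            "enc_private_key": wrap(_kdf(hardware_id, salt), private_key)}
    return {"info": info, "signature": _sign(server_key, info)}


def bind_content(plaintext: bytes, passport_private_key: bytes) -> dict:
    """[0011]: content under a master key; media key = master key wrapped for the passport.
    Stand-in: wrapped under the private key the server issued, not RSA-encrypted under
    the matching public key; the dependency chain private key -> master key is the same."""
    master_key = os.urandom(32)
    return {"media_key": wrap(passport_private_key, master_key),
            "content": wrap(master_key, plaintext)}


def open_passport(passport: dict, secret: bytes) -> tuple:
    """Recover (cleartext private key, private user info or None).
    `secret` is the hardware id for a machine passport, the password for a user passport."""
    info = passport["info"]
    kek = _kdf(secret, info["salt"])
    if info["binding"] == "machine":
        return unwrap(kek, info["enc_private_key"]), None
    reg_key = unwrap(kek, info["enc_registration_key"])  # [0044]: password -> registration key
    return unwrap(reg_key, info["enc_private_key"]), unwrap(reg_key, info["enc_user_info"])


def upgrade_to_user_passport(machine_passport: dict, hardware_id: bytes, password: bytes,
                             user_info: bytes, server_key: bytes) -> dict:
    """[0015]: the same private key is re-wrapped under a password-protected registration
    key; the bound content and its media key are not touched."""
    private_key, _ = open_passport(machine_passport, hardware_id)
    reg_key, salt = os.urandom(32), os.urandom(16)
    info = {"binding": "user", "salt": salt,
            "enc_registration_key": wrap(_kdf(password, salt), reg_key),
            "enc_private_key": wrap(reg_key, private_key),
            "enc_user_info": wrap(reg_key, user_info)}
    return {"info": info, "signature": _sign(server_key, info)}


def play(bound: dict, passport: dict, secret: bytes) -> tuple:
    """[0012]/[0043]: private key -> master key -> content; user info is shown at playback."""
    private_key, user_info = open_passport(passport, secret)
    master_key = unwrap(private_key, bound["media_key"])
    return unwrap(master_key, bound["content"]), user_info


def rejects(fn, *args) -> bool:
    """True if the operation fails closed (wrong hardware id, wrong password, tampering)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    sk, hw_a, hw_b = b"constructed-server-key", b"constructed-hw-id:A", b"constructed-hw-id:B"
    mp = issue_machine_passport(hw_a, sk)
    bound = bind_content(b"constructed audio content", open_passport(mp, hw_a)[0])
    print("machine A plays:", play(bound, mp, hw_a)[0], "| machine B rejected:", rejects(play, bound, mp, hw_b))
    up = upgrade_to_user_passport(mp, hw_a, b"correct horse", b"A. User / card ****1111", sk)
    print("same content via upgraded passport:", play(bound, up, b"correct horse"))
```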

BRIEF DESCRIPTION OF THE DRAWINGS 
[0018]

Figure 1 is a block diagram of a computer system that includes a server computer system coupled to a client computer system through a wide-area computer network. The client computer system includes a content player that in turn accesses data that is secured in accordance with the present invention.

Figure 2 is a block diagram of the content player of Figure 1 in greater detail.

Figures 3A-B are block diagrams of the security manager of the content player of Figure 2 in greater detail.

Figure 4 is a block diagram of a machine-bound passport generator in accordance with the present invention.

Figure 5 is a block diagram of a full, portable passport generator in accordance with the present invention.

Figure 6A is a block diagram of a passport converter that converts a machine-bound passport to a full passport in accordance with the present invention.

Figure 6B is a logic flow diagram illustrating conversion of a passport in accordance with an alternative embodiment.

Figure 7 is a logic flow diagram of the authentication of a user for digital data acquisition in accordance with the present invention.

Figure 8 is a logic flow diagram of the acquisition of a new machine-bound passport during user authentication in accordance with the present invention.

Figure 9 is a logic flow diagram of the processing by the server process of Figure 1 of a request for a new machine-bound passport in accordance with the present invention.

Figure 10 is a logic flow diagram of the acquisition of a new full passport during user authentication in accordance with the present invention.

Figure 11 is a logic flow diagram of the processing by the server process of Figure 1 of a request for a new full passport in accordance with the present invention.

Figure 12 is a logic flow diagram of the processing by the server process of Figure 1 of a request for a new full passport in accordance with the present invention.

Figure 13 is a logic flow diagram of the processing by the server process of Figure 1 of a request for a new full passport in accordance with the present invention.

Figure 14 is a logic flow diagram of the processing by the server process of Figure 1 of a request for a new full passport in accordance with the present invention.

Figure 15 is a logic flow diagram of the processing of a step of the logic flow diagram of Figure 14 in greater detail.

Figure 16 is a logic flow diagram of the processing of a step of the logic flow diagram of Figure 14 in greater detail.

Figure 17 is a block diagram showing the certificate database of Figure 1 in greater detail.

Figure 18 is a block diagram showing the account record of Figure 17 in greater detail.

Figure 19 is a block diagram showing the key record of Figure 17 in greater detail.

Figure 20 is a block diagram showing the history record of Figure 17 in greater detail.

Figure 21 is a block diagram of a certificate.

Figure 22 is a block diagram showing the passport of Figure 1 in greater detail.

Figure 23 is a block diagram of a user-bound passport.

Figure 24 is a block diagram of a machine-bound passport.

DETAILED DESCRIPTION 

[0019] In accordance with the present invention, content can be converted from a machine-bound state to a user-bound state without modification to the data itself. Instead, keys used to access the content are converted from the machine-bound state to the user-bound state. In particular, the keys are kept in a passport data structure which can represent either a machine-binding or a user-binding.

[0020] Digital data delivery system 100 (Figure 1) includes an authorization system 102 and a client computer system 104 which are coupled to one another through a wide-area computer network 106. In one embodiment, wide-area computer network 106 is the Internet. While a wide-area network 106 is shown, it is appreciated that the principles of the system described herein are equally applicable to other networks such as local-area networks. Authorization system 102 includes a content database 122 and a certificate database 124. Content database 122 includes digital data content that is available for distribution from authorization system 102. Such content can include, for example, data representing audiovisual works and/or computer software.
[0021] While content database 122 is shown to be included within authorization system 102, it is appreciated that it might be advantageous to separate content delivery from access authentication and to locate content database 122 on a different server system. One advantage is that content delivery tends to involve transfer of large amounts of data. Such transfers benefit from being delivered from distributed delivery servers that are located close to the client computer systems receiving the delivered content. Conversely, authentication involves many small transactions that are less dependent upon fast data transfer rates but benefit from a centralized database of system-wide authentication. However, for simplicity, server and authentication tasks are both handled by authorization system 102, and authorization system 102 includes both content database 122 and certificate database 124.

[0022] Certificate database 124 includes data representing the manner in which previously distributed content of content database 122 is secured, either to a particular client computer system or to a particular human purchaser. The types of information stored in certificate database 124 are described more completely below. Briefly, such information includes digital certificates, which are known authentication data structures, e.g., the known ITU-T X.509 certificate data structure.
[0023] Authorization system 102 also includes an authentication server 126 that is all or part of one or more computer processes executing within authorization system 102. Authentication server 126 receives requests through wide-area network 106 and serves such requests. Such requests include requests for machine-bound security for delivered content, for user-bound security for delivered content, and for conversion of security of delivered content in a manner described more completely below.

[0024] Client computer system 104 includes an acquired content database 144, a user database 146, one or more passports such as passport 148, a hardware identifier 140, and a content player 142. Acquired content database 144 includes content acquired from content database 122 and perhaps similar content databases. Such acquired content is secured in a manner described more completely below using one or more passports.

[0025] User database 146 stores information for one or more users of client computer system 104. Such information includes, for example, passwords by which users can authenticate themselves. "Password" is used herein to describe any data provided by a user for authentication purposes. Accordingly, "password" is used herein to describe both single-word passwords and multiple-word passwords that are sometimes generally referred to as passphrases.

[0026] Passports such as passport 148 represent the mechanism by which acquired content in acquired content database 144 is secured. Passports are issued by authentication server 126. A passport can secure content to a particular client computer system and/or to a particular user in a manner described more completely below.

[0027] Hardware identifier 140 uniquely identifies client computer system 104 within certificate database 124. In addition, hardware identifier 140 is derived from data that is difficult to change within client computer system 104, i.e., is read-only. For example, hardware identifier 140 can be a hash of data unique to one or more hardware components of client computer system 104 such as (i) a serial number of a processor of client computer system 104, (ii) a MAC address of a network access card by which client computer system 104 accesses wide-area network 106, and (iii) serial numbers of one or more hard disk drives installed in client computer system 104. In this illustrative embodiment, hardware identifier 140 is formed using the Interlok® software tool set available from PACE Anti-Piracy of San Jose, California.

[0028] Content player 142 is all or part of one or more computer processes executing within client computer system 104 and plays acquired content from acquired content database 144, which is sometimes referred to herein simply as "acquired content" or as "acquired content 144." For example, if acquired content represents audio works, content player 142 converts data of acquired content to data appropriately formatted for playback through a sound card and audio speakers of client computer system 104. Similarly, if acquired content represents audiovisual works, content player 142 converts data of acquired content to data appropriately formatted for playback through a sound card and audio speakers and to a video display of client computer system 104. Furthermore, if acquired content is computer software, content player 142 decodes computer instructions from acquired content and causes those decoded computer instructions to be executed by client computer system 104. Acquired content can include generally any kind of data including without limitation (i) audiovisual works such as music, other recorded sound, motion video, and still images; (ii) documents in such formats as ASCII text, rich text format (RTF), Microsoft® Word, and the portable document format (PDF) of Adobe® Acrobat®; and (iii) executable computer software.
[0029] Content player 142 is shown in greater detail in Figure 2. Content player 142 includes a decryptor 202 which decrypts acquired content 144 using a master key 208 provided by a security manager 206. In this illustrative embodiment, decryptor 202 uses symmetric key decryption algorithms such as FIPS 46-2 DES or RSA Security's RC4, for efficiency. Efficiency is important in this embodiment since acquired content must be both decrypted and decoded by a decoder 204 for real-time playback. As used herein, real-time playback means that playback by content player 142 requires a minimum amount of decrypted and decoded data from acquired content 144 per unit of time. For example, if acquired content 144 represents audio works, content player 142 must generally decrypt and decode 44,100 audio samples per second, i.e., 176,400 bytes per second for CD-quality stereo audio.

[0030] While symmetric key decryption affords efficiency in decrypting acquired content 144, it requires that master key 208 is somehow communicated from server process 126 (Figure 1), which uses master key 208 (Figure 2) to encrypt the content, to content player 142. Security manager 206 derives master key 208 in a secure manner.

[0031] Security manager 206 is shown in greater detail in Figures 3A and 3B. Figure 3A shows derivation of master key 208 from a user-bound passport 148A, and Figure 3B shows derivation of master key 208 from a machine-bound passport 148B. Security manager 206 includes a decryptor 306 which uses a private key 304 to decrypt master key 208 from a media key 302 that is included within acquired content 144. Private key 304 is a private key of a private/public key pair within certificate database 124 (Figure 1). Decryptor 306 (Figure 3A) uses asymmetric key decryption, e.g., the known RSA public key algorithm of RSA Security.
[0032] Symmetric and asymmetric key encryption/decryption are known but are described briefly here for completeness. Symmetric key encryption uses the same key to encrypt and decrypt data. For example, data is encrypted using a specific data pattern referred to as a key. Encrypting the data scrambles the data in a manner that appears somewhat random and makes the data appear undecipherable. The encrypted data can be returned to its original, "clear" state by decrypting the data using the same specific key.
EP1 517 215 A2

[0033] Asymmetric key encryption uses two keys that are associated with one another to form a pair. One key is kept private and the other key is made public; accordingly, the key pair is sometimes referred to as a private/public key pair. Encrypting with either key forms encrypted data that can be decrypted using the other key of the pair. The keys of the pair are therefore sometimes generally referred to as reciprocal to one another. Content player 142 (Figure 1) can cryptographically sign data by encrypting the data using its private key. Any holder of the public key of content player 142 can verify the signature by decrypting the data using the public key of content player 142. Similarly, any holder of the public key of content player 142 can encrypt data using the public key such that the data can be decrypted only using the private key of content player 142. For example, server process 126 encrypts master key 208 (Figure 3) for passport 148A using the public key of a key pair to form media key 302 and includes the private key of the pair within passport 148A. As a result, media key 302 can be decrypted using the private key stored within passport 148A, i.e., player private key 304.
[0034] Security manager 206 obtains private key 304 from either a user-bound passport 148A (Figure 3A) or a machine-bound passport 148B (Figure 3B). A passport is a data structure by which a private key that is used to decrypt the media key, e.g., media key 208, of acquired content is bound to either a user or a computer system. A user-bound passport is bound to a particular user and can be transported to any computer system within which the user would like to play back acquired content. Accordingly, a user-bound passport is sometimes referred to as a full passport or a portable passport. A machine-bound passport is bound to a particular computer system for playback of acquired content and can be used by generally any user of the computer system.

[0035] It should be noted that security is provided by decryptor 306 in conjunction with media key 302 and private key 304. Passports 148A-B provide a data structure in which private key 304 can be bound to either a user or a specific computer system. Such binding limits portability of acquired content while providing the user a choice as to which type of binding is more convenient. In other words, the user can select either a machine-bound or a user-bound passport.
[0036] To facilitate understanding and appreciation of this flexibility with respect to private key binding, the structure of a passport is described. Passport 148 (Figure 1) can be either machine-bound or user-bound. Passport 148 is shown in greater detail in Figure 22, which shows components which are common to both machine-bound and user-bound passports. Passport 148 includes a passport information field 2204, a signature algorithm field 2206, and a signature field 2208.
[0037] Passport information field 2204 contains data representing the substantive information of the passport, including a private key by which acquired content bound to passport 148 can be decrypted. The type and structure of data stored in passport information field 2204 depends upon the type of passport. For example, passport 148A (Figure 3A) is a user-bound, full passport and includes passport information 2204A of the type and structure described below in the context of Figure 23. Passport 148B (Figure 3B) is a machine-bound passport and includes passport information 2204B of the type and structure described below in the context of Figure 24.

[0038] Signature algorithm field 2206 and signature field 2208 collectively specify a cryptographic signature of passport information field 2204. Signature algorithm field 2206 specifies the specific algorithm and any parameters thereof used to cryptographically sign passport information field 2204. Signature field 2208 contains data representing the resulting cryptographic signature using the private key of authentication server 126. Signature algorithm field 2206 and signature field 2208 provide an effective mechanism for determining whether data stored within passport information 2204 has been tampered with. For example, if a cracker changes data stored within passport information 2204, the cracker must create a corresponding signature such that such tampering would go undetected. However, since the private key of authentication server 126 is carefully guarded and held in the strictest secrecy, forging such a cryptographic signature is particularly difficult.

[0039] Passport information 2204B (Figure 24) of machine-bound passport 148B is described below in the context of Figure 3B. Passport information 2204A (Figure 23) includes the following data components: (i) user certificate 2302, (ii) private key 2304, (iii) private user information 2306, and (iv) registration key 2308.
[0040] User certificate 2302 is a digital certificate by which the user is authenticated. Digital certificates and their use in authentication are known. In one embodiment, user certificate 2302 is in the form of an ITU-T X.509 digital certificate.

[0041] User certificate 2302 includes a public key 2320, validity dates 2322, a certificate serial number 2324, and a digital signature 2326. Public key 2320 is the reciprocal of private key 2304. To bind content to the user to which user-bound passport 148A is bound, master key 208 is encrypted using public key 2320 such that only private key 2304 can decrypt master key 208 from media key 302. Validity dates 2322 specify a time period during which user certificate 2302 is considered valid. Certificate serial number 2324 uniquely identifies user certificate 2302 within certificate database 124 (Figure 1). Digital signature 2326 is a digital signature attached by the entity issuing user certificate 2302 and is used to verify that user certificate 2302 (i) has not been tampered with and (ii) was issued by the appropriate certificate authority.

[0042] Private key 2304 is the private key of the key pair used to encrypt master key 208 (Figure 3A) to thereby form media key 302, e.g., private key 304. Accordingly, decrypting media key 302 by decryptor 306 of security manager 206 using private key 304 yields master key 208. In addition, private key 2304 is the reciprocal key of public key 2320 of user certificate 2302. Private key 2304 is encrypted using registration key 2308, which is described below.

[0043] Private user information 2306 contains information about the user to which passport 148A is bound. Such information is preferably private and guarded by the user. Private user information 2306 is displayed by client computer system 104 during playback of acquired content 144. Accordingly, the user is discouraged from sharing user-bound passport 148A since such would require sharing private user information 2306 as well. Private user information 2306 includes the user's name 2362 and the user's credit card information 2364. Credit card information 2364 can include, for example, the credit card number, expiration date, and billing address. During registration of the user, credit card information 2364 is verified to ensure that private user information 2306 is accurate. If credit card information 2364 is inaccurate, e.g., includes a stolen credit card number entered by the user for registration purposes, the user is not adequately discouraged from sharing private user information 2306, and therefore passport 148A and any content bound thereto.

[0044] Private user information 2306 is encrypted using registration key 2308. Registration key 2308 is in turn encrypted using a password supplied by the user. Accordingly, the user's password is required to decrypt registration key 2308, which is in turn required to decrypt private key 2304 and private user information 2306. Registration key 2308 is stored within certificate database 124 in a format that is recoverable without the user's password such that a registration key 2308 can be generated for a new password in the event the user forgets his password.

[0045] Random number 2310 stores pseudo-random data and is included to frustrate cryptanalysis of encrypted passport information 2204A. Authentication server 126 generates a new random number each time passport 148A is reissued. Passport information 2204A is communicated through wide-area network 106 (Figure 1) in an encrypted format. Accordingly, changes to random number 2310 propagate throughout passport information 2204A such that otherwise identical copies of passport information 2204A look entirely different in encrypted form. In one embodiment, random number 2310 is used only when transporting passport information 2204A, through wide-area network 106 for example, and is not stored in the persistent disk record of passport 148A.

[0046] To get private key 304 (Figure 3A), decryptor 310 of security manager 206 decrypts registration key 2308 using the user-supplied password. The user supplies the password using conventional user-interface techniques in response to a prompt displayed to the user by content player 142. The result of decrypting registration key 2308 is used as a key by decryptor 312 to decrypt private key 304 from private key 2304. Private key 304 is used in the manner described above to obtain master key 208 by which acquired content can be decrypted for playback.

[0047] Machine-bound passport 148B (Figure 3B) is bound to client computer system 104 and not to any particular user. As a result, playback of acquired content bound to passport 148B does not display private user information such as private user information 2306 (Figure 23). Instead, private key 2404 (Figure 3B) of machine-bound passport 148B is encrypted using as a key the hardware identifier of the computer system to which passport 148B is bound. In this example, passport 148B is bound to client computer system 104 (Figure 1), and private key 2404 (Figure 3B) is encrypted using hardware identifier 140. Accordingly, private key 2404 is decrypted by decryptor 308 using hardware identifier 140 as a key to thereby yield private key 304. Therefore, passport 148B is only useful when hardware identifier 140 is available, i.e., when passport 148B is used within client computer system 104. If passport 148B is copied to another computer system which has a hardware identifier which is not equivalent to hardware identifier 140, private key 304 cannot be derived from private key 2404. Accordingly, passport 148B binds acquired content 144 to client computer system 104.

[0048] When content of content database 122 (Figure 1) is purchased, authentication server 126 assists in binding the purchased content either to the computer system to which the content is to be delivered or to the purchasing user. The user is provided with the option as to which type of binding is preferred. In one embodiment, the option is presented to the user upon first installing content player 142 in client computer system and that choice is recorded and honored until the user actively makes a different choice. If the user would like to access the content on multiple computer systems (or at least a computer system other than the one used to make the purchase), the user selects user-binding afforded by a passport such as passport 148A (Figure 3A). Alternatively, if the user would prefer not to provide private user information such as private user information 2306 (Figure 23) and is willing to access the content only on the particular computer system through which the purchase is conducted, the user selects machine-binding afforded by a passport such as passport 148B (Figure 3B).

[0049] To prepare content for binding to either a user or a computer system, the content is encrypted using a master key such as master key 208 (Figure 4) which is in turn encrypted by an encryptor 406 to form media key 302. Media key 302 is included with the encrypted content. A public key 304B is used in conjunction with asymmetric encryption to form media key 302 such that media key 302, and therefore the encrypted content itself, can only be decrypted with private key 304.

[0050] To bind content to a particular computer system, authentication server 126 includes a machine-bound passport generator 404 (Figure 4). Within certificate database 124 (Figure 1), authentication server 126 stores private/public key pairs for all content players registered with authentication server 126 such as content player 142. To facilitate understanding and appreciation of the operation of authentication server 126, the type and structure of data stored within certificate database 124 is described more completely in the context of Figure 17.

[0051] Certificate database 124 includes a number of tables, namely, (i) a table of account records 1702, (ii) a table of key records 1704, and (iii) a table of history records 1706. An account record such as account record 1702 stores data pertaining to a particular user within content distribution system 100 (Figure 1). A key record such as key record 1704 (Figure 17) represents a private/public key pair used to encrypt delivered content in the manner described above and includes usage parameters of the key pair such as expiration and limits on the number of times the key pair can be reissued. Reissue of a key pair is described below in greater detail. A history record such as history record 1706 represents an event such as reissue of a key pair or conversion of a passport from machine-bound to user-bound. Fraud and/or unauthorized copying of passports and/or content can sometimes be detected by examining history records. For example, requests by the same user from many different client computer systems to replace lost keys suggest that a user has provided numerous copies of her passport to others.

[0052] Account record 1702 is shown in greater detail in Figure 18 and includes the following fields: (i) serial number field 1802, (ii) name field 1804, (iii) e-mail address field 1806, (iv) country field 1808, (v) question field 1810, (vi) answer field 1812, (vii) status field 1814, and (viii) type field 1816. Serial number field 1802 stores a serial number that is unique within serial numbers processed within authentication server 126. Serial numbers are used in this illustrative embodiment to associate related records. For example, if account record 1702 represents a specific user and key record 1704 (Figure 19) represents the user's private/public key pair, the serial number stored in serial number field 1802 (Figure 18) is equivalent to the serial number stored in serial number field 1902 (Figure 19). Furthermore, history records pertaining to the user's account and keys can be found by locating history records with an equivalent serial number stored in serial number field 2002 (Figure 20).

[0053] Name field 1804 (Figure 18) stores data representing the name of the user who owns the account represented by account record 1702. E-mail address field 1806 stores data representing the user's e-mail address. Country field 1808 stores data representing the user's country of residence.

[0054] Question field 1810 and answer field 1812 are used to authenticate the user, for example, when a request to modify account record 1702 is received. Question field 1810 specifies a question to be asked of the user, and answer field 1812 specifies the correct response. For example, the question can be regarding the user's mother's maiden name.

[0055] Status field 1814 represents the status of the account. Status values stored within status field 1814 include "valid" and "revoked." Type field 1816 represents the type of account. Type values stored within type field 1816 include "machine-bound" and "user-bound."

[0056] Key record 1704 is shown in greater detail in Figure 19 and includes the following fields: (i) serial number field 1902, (ii) private key field 1904, (iii) public key field 1906, (iv) validity dates field 1908, (v) reissue limit field 1910, (vi) passport key limit 1912, and (vii) hardware identifier 1914. Serial number field 1902 stores the serial number to which the key record corresponds. Private key field 1904 and public key field 1906 store the private and public keys, respectively, of the private/public key pair represented by key record 1704.

[0057] Validity dates field 1908 specifies dates for which certificates created from key record 1704 are valid. When the validity end date in key record 1704 has expired, certificates created from key record 1704 can no longer be used to purchase content from content database 122. However, certificates created from key record 1704 in the manner described below continue to correctly decrypt previously acquired content. When key record 1704 is renewed, validity dates field 1908 is updated to specify new, different validity dates and private key 1904 and public key 1906 remain unchanged. As a result, content acquired using an expired passport based on key record 1704 can be decrypted using a renewed version of the same passport, i.e., created from a renewed version of key record 1704, since the renewed passport includes the same keys. However, it should be appreciated that renewal can require that the user change her password and, as a result, components of the passport which are encrypted with the user's password will look different.

[0058] Reissue limit field 1910 specifies a maximum number of times the keys of key record 1704 can be reissued in the manner described more completely below. Passport key limit field 1912 specifies the maximum number of keys that can be held by a passport held by the owner of the associated account as determined by serial number field 1902 in the manner described above. Hardware identifier field 1914 represents a hardware identifier to which the key pair is bound in the manner described above. For example, if hardware identifier field 1914 represents hardware identifier 140, a machine-bound passport including the private key represented in private key field 1904 is encrypted using hardware identifier 140.

[0059] History record 1706 (Figure 17) is shown more completely in Figure 20 and includes the following fields: (i) serial number field 2002, (ii) creation field 2004, and (iii) activity field 2006. Serial number field 2002 stores a serial number which is analogous to that described above with respect to serial number fields 1802 (Figure 18) and 1902 (Figure 19). Creation field 2004 (Figure 20) specifies a time when history record 1706 is created. Activity field 2006 specifies the type of activity associated with the serial number of serial number field 2002 to be recorded in the table of history records 1706 (Figure 17). Types represented by activity field 2006 include, for example, reissue of a key, renewal of a key, and addition of a key to a user-bound passport.

[0060] Authentication server 126 can create a digital certificate, for example, an ITU-T X.509 certificate, from fields of account record 1702 and key record 1704 as shown in Figure 21. In particular, certificate 2100 includes public key 1906 and validity dates 1908 from key record 1704 (Figure 19) and name 1804 (Figure 21), e-mail address 1806, and country 1808 from account record 1702 (Figure 18). In addition, certificate 2100 includes a certificate serial number 2102 which, in this illustrative embodiment, comports with the ITU-T X.509 specification. It should be noted that certificate serial number 2102 is unrelated to and independent of serial numbers 1802 (Figure 18), 1902 (Figure 19), and 2002 (Figure 20). Certificate 2100 also includes a digital signature 2104 created by authentication server 126 from the private key of authentication server 126 in compliance with the ITU-T X.509 specification in this illustrative embodiment.

[0061] Certificate database 124 provides a comprehensive and flexible basis for authentication of acquired content, whether machine-bound or user-bound.

[0062] Returning now to machine-bound passport generator 404 (Figure 4), master key 208 can only be decrypted from media key 302 using private key 304. Therefore, to bind media key 302, and any content associated therewith, to client computer system 104 (Figure 1), private key 304 is encrypted within an encryptor 408 to form private key 2404 using hardware identifier 140 as a key. Thus, hardware identifier 140 is required to decrypt and restore private key 304 which is then needed to decrypt and restore master key 208 which is in turn needed to decrypt the acquired content encrypted therewith. Hardware identifier 140 is represented in hardware identifier field 1914 of key pair 1704 which includes private key 304 and public key 304B in private key field 1904 and public key field 1906, respectively.

[0063] Private key 2404 is included in passport information 2204B by a passport packer 410 which also signs passport information 2204B using the private key of authentication server 126 to form signature 2208. In addition, passport packer 410 sends passport information 2204B and signature 2208 to content player 142 through a secure channel in the manner described more completely below. Thus, machine-bound passport generator 404 binds content encrypted with master key 208 to hardware identifier 140.

[0064] Authentication server 126 also includes a full passport generator 504 (Figure 5) which creates user-bound passports such as passport 148A (Figure 3A). Encryptor 406 encrypts master key 208 using public key 304B to form media key 302 in the manner described above.

[0065] Full passport generator 504 (Figure 5) includes an encryptor 508 which encrypts the reciprocal key, i.e., private key 304, using a clear registration key 520 to form private key 2304. Accordingly, private key 2304 is obscured and ready for inclusion in passport information 2204A. Clear registration key 520 is encrypted by an encryptor 506 using a user-supplied password as a key to form registration key 2308. To discourage distribution of the resulting full passport to other users, a passport packer 510 packages private key 2304 and registration key 2308 with private user information 2306 to form passport information 2204A. In addition, passport packer 510 forms signature 2208 to detect and prevent tampering with passport information 2204A. In one embodiment, private user information 2306 is encrypted using the user-supplied password to protect the user's private information when acquired content is not being played back. To successfully decrypt acquired content encrypted with master key 208 using passport information 2204A, the authenticity of signature 2208 is verified and private key 2304 and registration key 2308 are parsed from passport information 2204A. Registration key 2308 is then decrypted using a key supplied by the user and, after decryption, used to decrypt private key 304 from private key 2304. Private key 304 is then used to decrypt master key 208 from media key 302 which is parsed from the acquired content. Passport packer 510 sends passport information 2204A and signature 2208 to content player 142 through a secure channel in the manner described more completely below.
[0066] At some point, a user who has previously opted to play acquired data only using client computer system 104, i.e., who has previously opted for machine-binding, may prefer to upgrade from machine-binding to user-binding such that the user can play acquired content using a different computer system. For example, the user may have replaced his previous computer system with a new one or may have acquired an additional computer system. Conversion by authentication server 126 of a machine-bound passport such as passport 148B to a user-bound passport such as passport 148A is performed by a passport converter 602 (Figure 6A).

[0067] To convert the passport, passport converter 602 receives hardware identifier 140, private user information 2306, and the user-supplied password. These elements are received from client computer system 104 through a secure connection. Private user information 2306 and the user-supplied password are entered by a user of client computer system 102 at the time of conversion since such information is required in a user-bound passport but not required in a machine-bound passport. An important consideration in the conversion from machine-bound is that no modification to any acquired content is required. In essence, the core private key required to decrypt the acquired content, e.g., private key 304, is preserved within the converted passport such that media key 302 can remain unchanged.

[0068] Passport converter 602 of Figure 6A is a somewhat simplified embodiment in which the majority of processing is performed by authentication server 126. An alternative embodiment in which some of the elements of passport converter 602 are part of content player 142 is described below in the context of Figure 6B.

[0069] Passport converter 602 includes a passport parser 604 which verifies signature 2208B of the passport to be upgraded and parses private key 2404 from passport information 2204B. In addition, passport converter 602 includes a decryptor 606 which decrypts private key 2404 using hardware identifier 140 as a key to re-derive private key 304. Alternatively, authentication server 126 uses hardware identifier 140 to retrieve key record 1704 (Figure 19) corresponding to keys 304 and 304B according to hardware identifier field 1914 from certificate database 124. In either case, private key 304 (Figure 6A) is necessary to play any acquired content previously bound to client computer system 104 using hardware identifier 140.

[0070] Passport converter 602 includes encryptors 506 and 508 which form private key 2304 and registration key 2308 in the manner described above in the context of Figure 5. Private user information 2306 is also encrypted using the user-supplied password as a key. Passport converter 602 includes passport packer 510 which packages private key 2304, registration key 2308, and private user information 2306 to form passport information 2204A. Passport packer 510 forms signature 2208 to detect and prevent tampering with passport information 2204A. As described above with respect to Figure 3B, a user-bound passport such as passport 148A binds acquired content to a specific user through requiring the user-supplied password and through display of private user information 2306 (Figure 23). Passport 148A and any content accessible therethrough are not bound to hardware identifier 140 and can be moved to other computer systems for playback.
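The chain of bindings described in paragraphs [0042] through [0047], [0065] and [0069] to [0070], together with the correct-key signal that test steps 706 and 714 of Figure 7 rely on, as an added worked example in Python. This is not the patent's code or that of any product: public key 304B and private key 304 are stood in for by textbook (unpadded) RSA generated at run time, the wrapping of keys 2404, 2304 and 2308 is stood in for by PBKDF2 (the PKCS #5 key derivation) with an HMAC-SHA256 keystream and an authentication tag, and every value (hardware identifier 140, the master key, the user's password and private information) is a constructed placeholder. The numbered names in the code are the page's reference numerals, used as labels only.

```python
import hashlib, hmac, os, secrets   # standard library only

# Stand-in for private key 304 / public key 304B: textbook (unpadded) RSA on a raw
# integer. Enough to show the wrapping chain, not a production construction.
def _is_probable_prime(n, rounds=32):          # Miller-Rabin
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keypair(bits=512):                      # ((e, n), (d, n)); small for speed
    def prime(b):
        while True:
            c = secrets.randbits(b) | (1 << (b - 1)) | 1
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)

# Symmetric wrap for keys 2404, 2304 and 2308: PBKDF2 (PKCS #5) key derivation, an
# HMAC-SHA256 keystream, and a tag so a wrong secret is detected instead of yielding
# garbage. That detection is the "signal" test steps 706 and 714 rely on.
def _keystream(k, n):
    blocks = (hmac.new(k, b"ks" + i.to_bytes(4, "big"), "sha256").digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def wrap(secret, data):
    salt = os.urandom(16)
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000)
    ct = bytes(a ^ b for a, b in zip(data, _keystream(k, len(data))))
    return salt + ct + hmac.new(k, salt + ct, "sha256").digest()

def unwrap(secret, blob):
    salt, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    k = hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000)
    if not hmac.compare_digest(tag, hmac.new(k, salt + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered passport data")
    return bytes(a ^ b for a, b in zip(ct, _keystream(k, len(ct))))

def bind_content(pub, master_key):
    """Media key 302: master key 208 encrypted under public key 304B (encryptor 406)."""
    e, n = pub
    return pow(int.from_bytes(master_key, "big"), e, n)

def recover_master_key(priv, media_key, length=16):   # decryptor 306
    d, n = priv
    return pow(media_key, d, n).to_bytes(length, "big")

def make_machine_passport(priv, hardware_id):
    """Passport 148B: private key 304 wrapped under the hardware identifier (encryptor 408)."""
    d, n = priv
    return {"n": n, "private_key_2404": wrap(hardware_id, d.to_bytes(64, "big"))}

def open_machine_passport(pp, hardware_id):           # decryptor 308
    return int.from_bytes(unwrap(hardware_id, pp["private_key_2404"]), "big"), pp["n"]

def upgrade_to_user_passport(pp, hardware_id, password, user_info):
    """Passport converter 602: re-derive private key 304 with the hardware identifier,
    re-wrap it under a fresh registration key (520), wrap that key and the private user
    information under the password. Media key 302 and the content are untouched."""
    d_bytes = unwrap(hardware_id, pp["private_key_2404"])          # decryptor 606
    clear_registration_key = secrets.token_bytes(32)
    return {"n": pp["n"],
            "private_key_2304": wrap(clear_registration_key, d_bytes),        # encryptor 508
            "registration_key_2308": wrap(password, clear_registration_key),  # encryptor 506
            "private_user_info_2306": wrap(password, user_info)}

def open_user_passport(pp, password):
    reg = unwrap(password, pp["registration_key_2308"])           # decryptor 310
    return int.from_bytes(unwrap(reg, pp["private_key_2304"]), "big"), pp["n"]  # decryptor 312

def _opens(fn, *args):
    try:
        fn(*args)
        return True
    except ValueError:
        return False

def demo():
    """Returns (machine playback ok, copied passport opens elsewhere,
    user playback ok, wrong password opens) == (True, False, True, False)."""
    pub, priv = rsa_keypair()
    master, hwid = os.urandom(16), b"constructed hardware identifier 140"
    media_key = bind_content(pub, master)          # shipped with the encrypted content
    mpp = make_machine_passport(priv, hwid)
    upp = upgrade_to_user_passport(mpp, hwid, b"user password", b"constructed name and card")
    return (recover_master_key(open_machine_passport(mpp, hwid), media_key) == master,
            _opens(open_machine_passport, mpp, b"some other machine"),
            recover_master_key(open_user_passport(upp, b"user password"), media_key) == master,
            _opens(open_user_passport, upp, b"wrong password"))
```

demo() walks both bindings: a copy of the machine-bound passport fails on a machine with another hardware identifier, the converted user-bound passport recovers the same master key from an unchanged media key 302, and a wrong password is rejected at registration key 2308 rather than producing a garbage private key. The authentication tag is what makes that rejection explicit; with an unauthenticated wrap a wrong password or a foreign hardware identifier would silently yield a wrong private key 304, and the failure would only surface later as undecryptable content.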
[0071] Logic flow diagram 650 (Figure 6B) shows conversion of machine-bound passport 148B to user-bound passport 148A in accordance with an alternative embodiment. In step 652, content player 142 encrypts hardware identifier 140 using the public key of passport 148B, e.g., the public key of certificate 2402. In step 654, content player 142 sends the certificate of passport 148B and the encrypted hardware identifier to authentication server 126 as part of a request to upgrade passport 148B to a user-bound passport.

[0072] In step 656, authentication server 126 receives the certificate and encrypted hardware identifier from content player 142. In step 658, authentication server 126 verifies the signature of the certificate. Authentication server 126 retrieves the certificate record, e.g., certificate record 2100 (Figure 21), corresponding to the received certificate from certificate database 124 in step 660 (Figure 6B). In step 662, authentication server 126 gets the associated account record, e.g., account record 1702, and key record, e.g., key record 1704.

[0073] In step 664, authentication server 126 decrypts the received encrypted hardware identifier using the private key of the retrieved key record, e.g., private key 1904 of key record 1704. In step 666, authentication server 126 compares the decrypted hardware identifier to the hardware identifier of the retrieved key record, e.g., hardware identifier 1914 of key record 1704. If the hardware identifiers do not match, conversion of passport 148B fails. Otherwise, conversion continues.

[0074] In step 668, authentication server 126 builds and sends a full passport record with a cleartext private key and registration key and blank user information. Cleartext is used herein as in common usage in cryptography to mean un-encrypted and not necessarily human-intelligible text. It should be noted that a key can be formed using an encryption algorithm but is considered cleartext if the key does not require decryption prior to using the key, for example, to encrypt/decrypt other data. The full passport record is sent to content player 142 through a secure channel.

[0075] In step 670, content player 142 receives the full passport record from authentication server 126. Content player 142 receives a user-supplied password and private user information from the user by conventional user-interface techniques in step 672.

[0076] In step 674, content player 142 encrypts the private user information, private key, and registration key using the user-supplied password in the manner described above with respect to encryptors 506-508 (Figure 6A) and passport packer 510.

Use of Convertible Passports For Purchase and Playback of Data

[0077] Logic flow diagram 700 (Figure 7) illustrates authentication by content player 142 (Figure 1) during a purchase of data by a purchasing user. In test step 702 (Figure 7), content player 142 (Figure 1) determines whether a full, user-bound passport is present. In one embodiment, content player 142 includes a registry of one or more passports associated with data that can be played through content player 142. If a full passport is present, processing transfers to step 704 (Figure 7) in which the purchasing user enters a password using conventional user-interface techniques. In test step 706 (Figure 7), content player 142 determines whether the entered password corresponds to the full passport determined to be present in test step 702, which is sometimes referred to herein as the selected full passport. Content player 142 makes such a determination by attempting to decrypt private key 2304 (Figure 23) of the selected full passport. In this illustrative embodiment, private key 2304 is encrypted using the known PKCS #5 password encryption algorithm of RSA Security and use of that algorithm provides a signal indicating whether the password used to decrypt private key 2304 is the correct password. If the password does not correspond to the selected full passport, processing transfers back to step 704 and the user enters another password. If the password corresponds to the selected full passport, processing transfers to step 708 in which processing of the purchase of content continues.

[0078] The purchase includes selection of specific content to be purchased and payment authorization. The specific content selected by the user for purchase is sometimes referred to herein as the selected content. Content player 142 provides the certificate inside its passport specifying the selected full passport as the passport to which the selected content should be bound, and authentication server 126 binds the content to the selected certificate in the manner described above with respect to Figure 5. In particular, the master key of the selected content is encrypted by encryptor 406 using player public key 304B as the key to form media key 302. Full passport generator 504 is not used since the selected full passport already exists within content player 142. Use of public key 304B to encrypt master key 208 binds the content to a passport that includes private key 304. The certificate serial number, e.g., certificate serial number 2102, included in the selected content identifies to which passport the selected content is bound.

[0079] Returning now to test step 702 (Figure 7), if no full passport is present within content player 142, processing transfers to test step 710. In test step 710, content player 142 determines whether a machine-bound passport is present. If no machine-bound passport is present, processing transfers to step 718 which is described below. Conversely, if a machine-bound passport is present, processing transfers to step 712.
[0080] In step 712, content player 142 retrieves hardware identifier 140. In test step 714, content player 142 determines whether hardware identifier 140 is the hardware identifier corresponding to the machine-bound passport located by content player 142. In one embodiment, such a determination is made by attempting to decrypt private key 2404 using hardware identifier 140 using a decryption algorithm, such as the RSA PKCS #5 algorithm, which indicates whether the key used for decryption is the correct key. If not, processing transfers to step 716 in which an error message is presented to the user. The error message indicates that the located machine-bound passport does not belong to client computer system 104. Content player 142 can respond in various ways to such an error. For example, content player 142 can instruct the user to delete the erroneous machine-bound passport and re-initiate processing according to logic flow diagram 700 (processing will reach steps 718 et seq. below in the subsequent iterative processing according to logic flow diagram 700). Content player 142 can also report such an error to authentication server 126 such that unauthorized distribution of machine-bound passports can be tracked.

[0081] If, however, hardware identifier 140 is the correct identifier, processing transfers from test step 714 to step 708 and the purchase process continues in the manner described above, except that any purchased content is bound to a machine-bound passport. In requesting the selected content, content player 142 sends its certificate to authentication server 126. Authentication server 126 uses the public key of that certificate to encrypt master key 208 to thereby bind the selected content to content player 142. The machine-bound passport detected by content player 142 already includes the private key of content player 142 encrypted using hardware identifier 140.

[0082] Returning to test step 710 (Figure 7), if no machine-bound passport is found by content player 142, content player 142 has no passports at all and processing transfers to step 718. In step 718, content player 142 requests a new machine-bound passport from authentication server 126. Step 718 is described more completely below in conjunction with logic flow diagram 718 (Figure 8). After step 718, in step 720, content player 142 constructs a new machine-bound passport from a machine-bound passport record received from authentication server 126. After step 720, the purchase of content continues in step 708 in the manner described above.
[0083] Logic flow diagram 718 (Figure 8) shows the requesting of a machine-bound passport in greater detail. In step 802, content player 142 establishes a secure connection with authentication server 126. Such a secure connection is described below in greater detail. In step 804, content player 142 requests an information template for a new machine-bound passport. In response to such a request, authentication server 126 sends an information template for new machine-bound passports. An information template is a collection of data specifying user-supplied data fields and prompts therefor. In one embodiment, the information template is an XML description of the data to collect from the user. If an information template is received by content player 142, processing transfers through test step 806 to step 808 in which content player 142 gathers information specified in the received information template. Such information can be entered by the user using conventional user-interface techniques. Processing transfers to step 810. If no information template is received, processing transfers straight through test step 806 to step 810, skipping step 808.

[0084] In step 810, content player 142 sends hardware identifier 140 and any user-supplied information to authentication server 126 as a request for a new machine-bound passport. After step 810, processing according to logic flow diagram 718, and therefore step 718 (Figure 7), completes.

[0085] Logic flow diagram 900 (Figure 9) illustrates processing by authentication server 126 (Figure 1) in response to a request for a new machine-bound passport made by content player 142 in step 810 (Figure 8). In step 902 (Figure 9), authentication server 126 receives the hardware identifier and any user-supplied information. In test step 904, authentication server 126 determines whether any key records corresponding to the received hardware identifier exist in certificate database 124. Authentication server 126 makes such a determination by searching for key records, e.g., key record 1704 (Figure 19), representing an equivalent hardware identifier within hardware identifier field 1914. If no such key record is found, processing transfers to step 906 (Figure 9). Conversely, if such a key record is found, processing transfers to test step 912, which is described below.

[0086] In step 906, authentication server 126 creates a new private/public key pair and creates a new certificate based on the new key pair, e.g., the key pair of key record 1704 (Figure 19) and certificate 2100 (Figure 21), respectively. In step 908 (Figure 9), authentication server 126 associates the new certificate with the received hardware identifier, e.g., hardware identifier 140, within certificate database 124. Such association is accomplished by storing hardware identifier 140 in hardware identifier field 1914 (Figure 19) of key record 1704. In step 910 (Figure 9), authentication server 126 returns to content player 142 a machine-bound passport record. A machine-bound passport record is a collection of data from which content player 142 can construct a machine-bound passport such as passport 148B described above. Such a machine-bound passport record includes, for example, passport information 2204B (Figure 24) and signature algorithm 2206 and signature 2208. After step 910 (Figure 9), processing according to logic flow diagram 900 completes.
[0087] Returning to test step 904, if a key pair associated with hardware identifier 140 (Figure 1) is already present within certificate database 124, processing transfers to test step 912 (Figure 9) in which a policy decision is implemented. The policy determines whether to allow keys associated with existing machine-bound passports to be re-issued. It is possible that a user loses a machine-bound passport, e.g., through inadvertent deletion or through data loss due to a hardware failure. In addition, if re-issue of machine-bound passport keys is allowed, the number of times such re-issue is permitted can be limited. For example, such a limit is specified in reissue limit field 1910 (Figure 19). In one embodiment, a limit of zero indicates that machine-bound keys cannot be reissued. In this embodiment, reissue limit field 1910 stores data having a value of one to indicate that machine-bound keys can be re-issued only once. If policy determines that these keys shall not be re-issued, e.g., since keys are not re-issued or since certificate database 124 indicates that the maximum permitted number of re-issues have been performed for this machine-bound passport, processing transfers to step 914 (Figure 9). In step 914, an error is returned rather than a machine-bound passport record. Conversely, if the re-issue is permitted by policy, processing transfers to step 916. Policy can permit such re-issue if re-issue is permitted generally and certificate database 124 indicates that less than the maximum permitted number of re-issues have been performed. In one embodiment, authentication server 126 determines the number of times the keys of key record 1704 (Figure 17) have been re-issued by searching for and counting history records, such as history record 1706, within certificate database 124 that represent such a re-issue. History record 1706 represents a re-issue of the keys of key record 1704 if serial number 2002 (Figure 20) corresponds to serial number 1902 (Figure 19) and activity field 2006 specifies a re-issue event.

[0088] In step 916, authentication server 126 retrieves the private/public key pair associated with the received hardware identifier, e.g., the key pair of key record 1704 associated with hardware identifier 140, from certificate database 124 and forms a machine-bound passport record from the retrieved pair in the manner described above. In step 918, authentication server 126 updates certificate database 124 to reflect the additional issuance of the keys associated with the received hardware identifier. In this illustrative embodiment, authentication server 126 records such a re-issue by creating a new history record, e.g., history record 1706, with serial number 2002 (Figure 20) corresponding to serial number 1902 (Figure 19) of the key record and activity field 2006 representing a re-issue event. Processing transfers from step 918 to step 910 in which the passport record is returned in the manner described above. After step 910, processing according to logic flow diagram 900 completes.

[0089] Logic flow diagram 1000 (Figure 10) illustrates the processing of passports during access of acquired content. In the context of Figures 10-16, specific content of acquired content 144 has been selected by the user for playback, and that content is sometimes referred to as the selected acquired content. In test step 1002 (Figure 10), content player 142 determines whether a full passport is present. If not, processing transfers to test step 1008, which is described more completely below. Conversely, if a full passport is present, processing transfers to step 1004 in which content player 142 authenticates the user by checking a user-supplied password in the manner described above with respect to steps 704 (Figure 7) and 706. After the user is authenticated, content player 142 attempts, in step 1006 (Figure 10), to play back the selected content using the full, user-bound passport located in test step 1002.
[0090] In test step 1008, content player 142 determines whether a machine-bound passport is present. If not, no passport is present and processing transfers to dialog step 1016. On the other hand, if a machine-bound passport is present, processing transfers to step 1010 in which content player 142 verifies that hardware identifier 140 corresponds to the machine-bound passport in the manner described above with respect to steps 712 (Figure 7) and 714. If step 1010 produces a verification error, i.e., if hardware identifier 140 does not correspond to the machine-bound passport, processing transfers to dialog step 1016, which is described below. Conversely, if verification is successful, processing transfers to step 1006.

[0091] In step 1006, content player 142 attempts to play back the selected content. In test step 1012, content player 142 determines whether the attempted playback is successful, i.e., whether the passport key successfully decodes the selected content. Such a determination is made in the manner described above with respect to steps 706 (Figure 7) and 714.
[0092] If the selected passport key successfully decrypts the selected content, processing transfers to step 1014 in which content player 142 continues with playback of the selected content. At step 1014, the user and/or client computer system 104 have been authenticated as entitled to access the selected content.
[0093] If, on the other hand, the selected passport key cannot successfully decrypt the selected content, processing transfers to dialog step 1016. Thus, processing transfers to dialog step 1016 if no passport is detected by content player 142 (through test step 1008), if hardware identifier 140 does not correspond to the machine-bound passport located by content player 142 (from step 1010), or if the selected passport key cannot successfully decrypt the selected content (through test step 1012). In dialog step 1016, content player 142 reports to the user that the user is not authorized to play the selected content and asks the user if the user would like to become so authorized.

[0094] If the user responds in the negative, processing transfers to step 1020 in which content player 142 returns an error and terminates processing. Conversely, if the user responds in the affirmative, processing transfers to step 1018 in which a new passport is created for the selected content and continues to step 1014 in which content player 142 continues with playback of the selected content.
[0095] Step 1018 is shown in greater detail as logic flow diagram 1018 (Figure 11). In step 1102, content player 142 retrieves a content certificate from the selected content. The content certificate is a digital certificate, e.g., an ITU-T X.509 digital certificate, which is included in the selected content and which identifies who acquired the content originally. Certificate 2100 (Figure 21) is an illustrative example of such a certificate and is described more completely above. In this illustrative embodiment, content player 142 retrieves the certificate serial number, e.g., certificate serial number 2102, by which authentication server 126 (Figure 1) can locate certificate 2100 within certificate database 124. In test step 1104 (Figure 11), content player 142 determines whether the user has a full passport. Content player 142 can make such a determination based upon presence of a full passport as determined in step 1002 (Figure 10) or upon failure of the user to authenticate any present full passport in step 1004. In addition, the user can be asked for a name and e-mail address, and the user's responses thereto can be used to search for account records such as account record 1702 (Figure 18) having equivalent name field 1804 and e-mail address field 1806. If the user has a full passport, processing transfers to step 1106 (Figure 11) in which content player 142 requests a passport for the selected acquired content using the user's full passport information, including private user information 2306 (Figure 23). If the user has no full passport, processing transfers to step 1114 (Figure 11) in which content player 142 requests a passport for the selected content using hardware identifier 140. In this embodiment, the user is provided with an opportunity to provide some personal information such as a name, e-mail address, and country of residence, and that information can accompany hardware identifier 140 in the request for a new passport in step 1114.
[0096] Processing by authentication server 126 in response to the requests of steps 1106 and 1114 is described below in conjunction with Figures 13 and 12, respectively. In response to the request of step 1106 (Figure 11), authentication server 126 can send a full passport record or an error message. In response to the request of step 1114, authentication server 126 can send a machine-bound passport record or an error message.
[0097] In test step 1108, content player 142 determines whether a full passport record is returned by authentication server 126. If not, an error is returned and processing according to logic flow diagrams 1018 and 1000 terminates. Conversely, if a full passport record is returned, processing transfers to step 1110.
[0098] In step 1110, content player 142 secures the full passport information of the full passport record with a user-supplied password in the manner described above with respect to full passport generator 504 (Figure 5).

[0099] Processing transfers from step 1110 (Figure 11) to step 1112 in which content player 142 creates full passport 148A (Figure 3A) from the full passport information received from authentication server 126.
[0100] Processing transfers from step 1114 to test step 1116. In test step 1116, content player 142 determines whether data received from authentication server 126 in response to the request of step 1114 or step 1106 represents a machine-bound passport record. If so, content player 142 creates a machine-bound passport such as passport 148B (Figure 3B) using the machine-bound passport record, and processing according to logic flow diagram 1018, and therefore step 1018 (Figure 10), completes.

[0101] Conversely, if the data returned by authentication server 126 does not represent a machine-bound passport record, processing transfers to test step 1120. In test step 1120, content player 142 determines whether the response by authentication server 126 indicates that the user needs a full passport to be properly authenticated to access the selected acquired content. If not, the user cannot be authenticated to access the acquired content, and content player 126 notes that an error has occurred and reports the error to the user, terminating processing according to logic flow diagram 1018, and therefore step 1018 (Figure 10). If, on the other hand, the response from authentication server 126 indicates that the user needs a full passport, processing transfers to step 1122.

[0102] In step 1122, content player 142 sends to authentication server 126 a request for a new passport. The request includes data specifying hardware identifier 140 and a certificate retrieved from the selected acquired content. The certificate of the acquired content identifies the selected acquired content within certificate database 124 (Figure 1). Authentication server 126 responds to such a request in the manner described below with respect to logic flow diagram 1400 (Figure 14), sending to content player 142 either a full passport record or an error message.

[0103] In test step 1124, content player 142 determines whether authentication server 126 returns a full passport record or an error. If an error is returned, the user cannot be authenticated to access the acquired content, and content player 126 notes that an error has occurred and reports the error to the user, terminating processing according to logic flow diagram 1018, and therefore step 1018 (Figure 10). If, on the other hand, the response from authentication server 126 is a full passport record, processing transfers to step 1126 (Figure 11) in which content player 142 prompts the user to enter a password.

[0104] Processing transfers from step 1126 to step 1112 in which content player 142 creates full passport 148A (Figure 3A) from the full passport information received from authentication server 126. After step 1112 (Figure 11), whether through step 1110 or step 1126, processing according to logic flow diagram 1018, and therefore step 1018 (Figure 10), completes.
[0105] As described above, authentication server 126 responds to a request for a passport including a hardware identifier in the manner shown as logic flow diagram 1200 (Figure 12). Specifically, logic flow diagram 1200 represents the response of authentication server 126 to the request made by content player 142 in step 1114 (Figure 11) in which the user had no full passport. Accordingly, authentication server 126 is asked to re-issue the same machine-bound passport to which the selected content should already be bound. In step 1202 (Figure 12), authentication server 126 retrieves the certificate for the selected content from certificate database 124. For example, if content player 142 supplies, as the certificate of the selected content, certificate serial number 2102 (Figure 21), authentication server 126 retrieves certificate 2100 from certificate database 124 (Figure 17).

[0106] In test step 1204 (Figure 12), authentication server 124 determines whether the acquired content is bound to a machine-bound passport. Authentication server 124 makes such a determination by retrieving an account record, e.g., account record 1702 (Figure 18), which corresponds to the certificate. Authentication server 126 can locate such an account record by searching for account records having corresponding data values for name 1804, e-mail address 1806 and country 1808 or, alternatively, by maintaining a table of records correlating certificate serial numbers such as certificate serial number 2102 (Figure 21) with serial numbers such as serial number 1802 (Figure 18). The determination is made by examining type field 1816 of the retrieved account record and comparing the data stored therein to data representing a machine-bound type. If the data in type field 1816 so indicates, the selected content is bound to a machine-bound passport. Otherwise, the selected content is bound to a full passport.

[0107] If the selected content is not bound to a machine-bound passport, authentication server 126 returns an error message indicating that a full passport is required to access the selected content and terminates processing according to logic flow diagram 1200. The full passport is required since the selected content is already bound to a full, user-bound passport. Allowing the content to also be bound to a new machine-bound passport would allow the content to be played on numerous computer systems other than those used by the original purchasing user and would represent a compromise of security.

[0108] Conversely, if the selected acquired content is bound to a machine-bound passport, processing transfers to step 1206 in which authentication server 126 retrieves a key record representing the computer system associated with the hardware identifier received in the request from content player 142. Specifically, authentication server 126 retrieves the key record, e.g., key record 1704 (Figure 19), whose hardware identifier field 1914 represents the hardware identifier received from content player 142.

[0109] If no such key record is found, processing transfers through test step 1208 (Figure 12) to terminal step 1210. In terminal step 1210, authentication server 126 returns an error message which indicates that the user needs a full passport to access the selected content. The user needs a full passport since the hardware identifier received from content player 142 is determined in test step 1208 to represent a computer system with which authentication server 126 is not familiar.
[0110] If authentication server 126 finds the key record but the key record is not the same as the key record retrieved in test step 1204, processing passes through test step 1208 and test step 1212 to terminal step 1210. The user needs a full passport since the request for a machine-bound passport appears to be coming from a computer system other than the one to which the acquired content was originally bound.
[0111] If the key record is found as determined in test step 1208 and is the same as the key record associated with the selected acquired content as determined in test step 1212, processing transfers to test step 1214 in which authentication server 126 implements a policy decision. In particular, authentication server 126 determines whether machine-bound keys can be reissued. In this illustrative embodiment, authentication server 126 makes such a determination according to data stored in reissue limit field 1910 (Figure 19) of the key record retrieved in step 1206 (Figure 12). If reissue is not permitted, processing transfers to terminal step 1210 in which authentication server 126 returns an error message which indicates that the user needs a full passport to access the selected content. Conversely, if reissue of machine-bound keys is permitted, processing transfers to step 1216.

[0112] In step 1216, authentication server 126 records the re-issuance of key record 1704 (Figure 19) in certificate database 124 (Figure 17) with a new history record such as history record 1706. After step 1216 (Figure 12), authentication server 126 returns a machine-bound passport record containing information from key record 1704 (Figure 19) to content player 142 (Figure 1) in terminal step 1218 (Figure 12). After either terminal step 1210 or terminal step 1218, processing according to logic flow diagram 1200 completes.
[0113] As described above, logic flow diagram 1300 (Figure 13) represents processing by authentication server 126 in response to a request for a new passport which includes full passport information. In particular, logic flow diagram 1300 represents the response by authentication server 126 to the request made by content player 142 in step 1106 (Figure 11) in which the user already has a full passport and is, in essence, asking to have machine-bound keys added to the full passport. In step 1302 (Figure 13), authentication server 126 retrieves a certificate for the selected content in the manner described above with respect to step 1202 (Figure 12). In test step 1304 (Figure 13), authentication server 126 determines whether the content certificate is machine-bound in the manner described above with respect to step 1204 (Figure 12).
[0114] If the content certificate is not machine-bound, authentication server 126 returns an error in terminal step 1306 (Figure 13) since the selected content is bound to a different full, user-bound passport, i.e., is bound to a different user. Conversely, if the certificate is machine-bound, processing transfers to step 1308.
[0115] Test step 1308 implements a policy decision in which authentication server 126 determines whether machine-bound keys can be added to a pre-existing full passport. Such would happen if, for example, a user had registered for a full passport on one client computer system and registered for a machine-bound passport on another client computer system and later wanted to move acquired content from the latter client computer system to the former. The user would have acquired content bound to two different sets of keys. If this is not allowed, processing transfers to terminal step 1306 and returns an error. Conversely, if such is allowed, processing transfers to test step 1310.

[0116] In test step 1310, authentication server 126 implements another policy decision, namely, whether this particular full passport can contain more keys. Typically, full passports are permitted to hold only a limited number of additional keys such that users cannot collect machine-bound keys and content from friends and colleagues without limitation. In this embodiment, passport key limit 1912 (Figure 19) specifies a maximum number of keys held by a passport based upon key record 1704. Authentication server 126 compares the number of keys already held in the full passport of the user to the limit specified in passport key limit 1912 to determine whether the passport can include more keys.

[0117] If the passport cannot include more keys, processing transfers to terminal step 1306 (Figure 13) in which an error is returned. In terminal step 1306, whether from test step 1304, test step 1308, or test step 1310, processing according to logic flow diagram 1300 terminates.

[0118] Conversely, if the passport can include more keys, processing transfers to step 1312 in which the key is added to the passport and the addition of the key is recorded in a new history record in certificate database 124. In adding the key, authentication server 126 adds an additional key record 2312 (Figure 23) to the passport. Additional key record 2312 includes a key 2314 and a certificate 2316. Certificate 2316 is the certificate of the content player to which the selected content is already bound, and key 2314 is the reciprocal private key. Key 2314 is encrypted using the unencrypted registration key 2310 (see, e.g., clear registration key 520 (Figure 5)). In one embodiment, such encrypting is performed by content player 142 (Figure 1) after return of the passport information by authentication server 126 since content player 142 directly receives the user-supplied password. In an alternative embodiment, authentication server 126 maintains clear registration key 520 and receives the user-supplied password from content player 142 along with the passport request and, accordingly, authentication server 126 encrypts key 2314 (Figure 23).

[0119] After step 1314 (Figure 12), processing transfers to terminal step 1316 in which the authentication server sends a full passport record and completes processing according to logic flow diagram 1300.
[0120] Logic flow diagram 1400 (Figure 14) represents the response by authentication server 126 to the request of content player 142 in step 1122 (Figure 11) in which the user has no full passport but is requesting that a previously acquired machine-bound passport be upgraded to a full passport. The user can explicitly request such an upgrade, or such an upgrade can be attempted when a user agrees after attempting to play machine-bound content on a client computer system to which the content was not bound. In step 1402 (Figure 14), authentication server 126 generates a new full passport with a key to the content. Step 1402 is shown in greater detail as logic flow diagram 1402 (Figure 15).
[0121] In step 1502, authentication server 126 searches for a key record with a hardware identifier 1914 (Figure 19) corresponding to the hardware identifier received from content player 142 in the request of step 1122 (Figure 11). If none is found, processing transfers to step 1504.

[0122] In step 1504, authentication server 126 creates a new key pair and forms a new key record, such as key record 1704 (Figure 19), representing the new key pair. In step 1506, authentication server 126 creates a full passport with the keys of the new key record. Specifically, authentication server 126 copies public key 1906 (Figure 19) and validity dates 1908 of the newly created key record 1704 to public key 2320 (Figure 23) and validity dates 2322, respectively. Authentication server 126 creates a new certificate serial number 2324 and signs certificate 2302 to form signature 2326. Authentication server 126 copies private key 1904 (Figure 19) to private key 2304 (Figure 23). In this embodiment, private key 2304 is secured by content player 142 (Figure 1) in step 1010 (Figure 10) as described above. In addition, private user information 2306 (Figure 23) is left empty to be completed by content player 142. Authentication server 126 creates a new registration key 2308 and a new random number 2310. Content player 142 secures registration key 2308 in step 1010 (Figure 10) as described above.

[0123] Returning to test step 1502, if a key record corresponding to the received hardware identifier is found, processing transfers to test step 1508 which implements a policy decision. Specifically, test step 1508 implements the same policy decision implemented by test step 1308 (Figure 13), i.e., whether a full passport can include machine-bound keys. If authentication server 126 determines that a full passport cannot include machine-bound keys, processing transfers to terminal step 1510 in which authentication server 126 returns an error and completes processing according to logic flow diagrams 1402 and 1400 (Figure 14). Conversely, if the full passport can include machine-bound keys, processing transfers to step 1512 (Figure 15).
[0124] In step 1512, authentication server 126 records issuance of the keys of the key record located in test step 1502 in a new history record within certificate database 124. In step 1514, authentication server 126 creates a full passport with the keys of the machine-bound key record. Step 1514 is analogous to step 1506 described above except that key record 1704 is not newly created in step 1514. Instead, key record 1704 is the key record located in test step 1502.
[0125] After either step 1506 or step 1514, processing according to logic flow diagram 1402, and therefore step 1402 (Figure 14), completes. In step 1404, authentication server 126 uses the received hardware identifier and content information to generate the new full passport. Step 1404 is shown in greater detail as logic flow diagram 1404 (Figure 16).

[0126] In test step 1602, authentication server 126 determines whether a certificate for selected content is received from content player 142 along with the request of step 1122. If the user explicitly requests upgrade of her passport to user-bound from machine-bound without requesting playback of any particular content, the request received by authentication server 126 would not include a content certificate. However, if the request comes through step 1122 (Figure 11), in which the upgrade request is in response to an attempt to play content on a first client computer system when the content is bound to a second client computer system, the request includes the certificate of the content attempted to be played.

[0127] If no content certificate is included in the request from content player 142, processing transfers to step 1604 (Figure 16) in which the full passport information created in step 1506 (Figure 15) or step 1514 is returned. Processing according to logic flow diagram 1402 (Figure 16), and therefore step 1404 (Figure 14), completes after step 1604 (Figure 16).
[0128] If, on the other hand, a content certificate is included in the request from content player 142, processing transfers to test step 1606. In test step 1606, authentication server 126 determines whether the hardware identifier received from content player 142 matches the content certificate. If so, the user is requesting an upgrade from the machine to which her content is bound, and processing transfers to step 1604 in which the full passport information created in step 1506 (Figure 15) or step 1514 is returned. Conversely, if the received hardware identifier and content certificate do not match, processing transfers to test step 1610.
[0129] In test step 1610, authentication server 126 implements a policy decision, namely, whether machine-bound keys can be issued to a full passport. This is the same as the policy decision of test step 1508. If machine-bound keys cannot be issued to a full passport, an error is returned and processing according to logic flow diagrams 1404 and 1400 (Figure 14) terminates. Conversely, if machine-bound keys can be added to the full passport, processing transfers to test step 1612.
[0130] In test step 1612, authentication server 126 implements another policy decision, namely, whether this passport can hold more keys. This is the same as the policy decision of test step 1310. If the full passport cannot hold more keys, an error is returned and processing according to logic flow diagrams 1404 and 1400 (Figure 14) terminates. Conversely, if the full passport can hold more keys, processing transfers to step 1614 (Figure 16).

[0131] In step 1614, authentication server 126 records the inclusion of the machine-bound keys into the full passport in certificate database 124 in the manner described above in step 1312 (Figure 13). In step 1616, authentication server 126 adds the keys from the content certificate into the full passport. For example, if certificate 2100 (Figure 21) represents the content certificate, authentication server 126 stores certificate 2100 as certificate 2316 (Figure 23) and stores the associated private key 1904 of the associated key record as key 2314 (Figure 23).

[0132] After step 1614 (Figure 16), processing transfers to step 1604 in which the full passport information created in step 1506 (Figure 15) or step 1514, with the additional keys of step 1616 (Figure 16), is returned, and processing according to logic flow diagrams 1404 and 1400 (Figure 14) completes.

[0133] Thus, a machine-bound passport is converted to a user-bound passport in a secure manner that is relatively convenient for the user and without requiring re-encrypting or otherwise modifying the bound data.
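The server-side policy checks of logic flow diagrams 900, 1200 and 1300 (re-issue limits counted from history records, the hardware identifier matched against the key record the content is bound to, and the passport key limit), as an added Python model that is not code from the patent. Record layouts, the `key_serial` and `keys_held` fields, serial numbers and key strings are constructed placeholders; key generation, certificates and signatures are omitted.

```python
"""Added example, not code from the patent: a toy model of the authentication server's
policy decisions in logic flow diagrams 900 (issue or re-issue machine-bound keys for a
hardware identifier), 1200 (re-issue the machine-bound passport that content is bound to)
and 1300 (add machine-bound keys to an existing full passport).  Record layouts, serial
numbers and key strings are constructed placeholders; real keys and signatures are omitted."""
from dataclasses import dataclass, field

MACHINE_BOUND, USER_BOUND = "machine-bound", "user-bound"

@dataclass
class KeyRecord:                # cf. key record 1704 (Figure 19)
    serial: int                 # serial number 1902
    private_key: str            # private key 1904 (placeholder string)
    public_key: str             # public key 1906 (placeholder string)
    reissue_limit: int          # reissue limit 1910: 0 = never re-issue, n = at most n times
    passport_key_limit: int     # passport key limit 1912
    hardware_id: str            # hardware identifier 1914 ("" for a user-bound key record)

@dataclass
class HistoryRecord:            # cf. history record 1706 (Figure 20)
    serial: int                 # serial number 2002 of the key record concerned
    activity: str               # activity field 2006

@dataclass
class AccountRecord:            # cf. account record 1702 (Figure 18)
    passport_type: str          # type field 1816
    key_serial: int             # constructed: key record this account's content is bound to
    keys_held: int = 1          # constructed: number of keys currently in the passport

@dataclass
class CertificateDatabase:      # cf. certificate database 124 (Figure 17)
    keys: dict = field(default_factory=dict)             # serial -> KeyRecord
    history: list = field(default_factory=list)          # HistoryRecord entries
    accounts: dict = field(default_factory=dict)         # account serial -> AccountRecord
    cert_to_account: dict = field(default_factory=dict)  # content certificate serial -> account serial

    def key_for_hardware(self, hardware_id):
        return next((k for k in self.keys.values() if k.hardware_id == hardware_id), None)

    def reissue_allowed(self, key):
        # Re-issues are counted from history records, as paragraph [0087] describes.
        done = sum(1 for h in self.history if h.serial == key.serial and h.activity == "reissue")
        return done < key.reissue_limit

def passport_record(key):
    # Machine-bound passport record: the keys plus a placeholder where the signature would go.
    return {"public_key": key.public_key, "private_key": key.private_key, "signature": "<placeholder>"}

def request_machine_passport(db, hardware_id):
    """Logic flow diagram 900: a request carrying only a hardware identifier."""
    key = db.key_for_hardware(hardware_id)                       # test step 904
    if key is None:                                              # steps 906-910: new keys for this machine
        serial = max(db.keys, default=0) + 1
        key = KeyRecord(serial, f"priv-{serial}", f"pub-{serial}", 1, 2, hardware_id)
        db.keys[serial] = key
        return passport_record(key)
    if not db.reissue_allowed(key):                              # test step 912 -> step 914
        return {"error": "re-issue of machine-bound keys not permitted"}
    db.history.append(HistoryRecord(key.serial, "reissue"))      # step 918, then step 910
    return passport_record(key)

def reissue_for_content(db, hardware_id, cert_serial):
    """Logic flow diagram 1200: the requester holds no full passport."""
    account = db.accounts[db.cert_to_account[cert_serial]]      # steps 1202-1204
    if account.passport_type != MACHINE_BOUND:                   # content is already user-bound
        return {"error": "full passport required"}
    key = db.key_for_hardware(hardware_id)                       # step 1206
    if key is None or key.serial != account.key_serial:          # test steps 1208 / 1212:
        return {"error": "full passport required"}               # unknown machine, or a different one
    if not db.reissue_allowed(key):                              # test step 1214
        return {"error": "full passport required"}
    db.history.append(HistoryRecord(key.serial, "reissue"))      # step 1216
    return passport_record(key)                                  # terminal step 1218

def add_machine_keys(db, cert_serial, full_account_serial, mixing_allowed=True):
    """Logic flow diagram 1300: add the content's machine-bound keys to an existing full passport."""
    content = db.accounts[db.cert_to_account[cert_serial]]
    if content.passport_type != MACHINE_BOUND:                   # test step 1304: bound to another user
        return {"error": "content bound to a different full passport"}
    if not mixing_allowed:                                       # test step 1308 (policy)
        return {"error": "machine-bound keys cannot be added to a full passport"}
    full = db.accounts[full_account_serial]
    if full.keys_held >= db.keys[full.key_serial].passport_key_limit:  # test step 1310
        return {"error": "passport cannot hold more keys"}
    key = db.keys[content.key_serial]
    full.keys_held += 1                                          # step 1312
    db.history.append(HistoryRecord(key.serial, "key-added"))
    return {"key": key.private_key, "certificate": cert_serial}  # cf. key 2314 and certificate 2316

def build_sample_database():
    """Constructed sample: certificate 2100 is bound to machine HW-A (key record 1, one re-issue
    permitted); certificate 2200 is bound to the full passport of account 20 (key record 2)."""
    db = CertificateDatabase()
    db.keys[1] = KeyRecord(1, "priv-1", "pub-1", 1, 2, "HW-A")
    db.keys[2] = KeyRecord(2, "priv-2", "pub-2", 0, 2, "")
    db.accounts[10] = AccountRecord(MACHINE_BOUND, key_serial=1)
    db.accounts[20] = AccountRecord(USER_BOUND, key_serial=2)
    db.cert_to_account[2100], db.cert_to_account[2200] = 10, 20
    return db
```

Each refusal is returned as an error rather than a passport record, matching terminal steps 914, 1210 and 1306; a second request for the same machine after its single permitted re-issue is refused because the history record written by the first request is counted.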

Secure Connection Between the Authentication Server 
and the Content Player 

[0134] As described briefly above, authentication server 126 (Figure 1) and content player 142 communicate through a secure connection through wide-area network 106. In one embodiment, the known Secure Sockets Layer (SSL) type of connection is used for secure communication between authentication server 126 and content player 142.

[0135] In an alternative embodiment, authentication server 126 and content player 142 communicate with one another in a cryptographically secure session that is simpler than the SSL protocol. Content player 142 sends a request message to authentication server 126 to obtain the certificate of authentication server 126. Content player 142 encrypts its registration information using the public key of authentication server 126 so that only authentication server 126 can decrypt the registration information. Authentication server 126 returns information necessary to create the passport to content player 142. The information is encrypted using a key derived from the registration information provided by content player 142 such that only content player 142 can decrypt the passport information.
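The exchange of [0135], written out as an added Go example (it is not code from the patent, which names no concrete algorithms). The certificate of authentication server 126 is reduced to a bare RSA public key, the registration message from content player 142 is encrypted with RSA-OAEP, the session key is SHA-256 over the registration message, and the passport information comes back under AES-256-GCM. Two details are assumptions of this example rather than the text: a random 32-byte nonce is prepended to the registration information before encryption, because a key derived from a name and e-mail address alone is only as unpredictable as those values, and the derived key is used as an AEAD key so that tampering with the server's reply is detected instead of producing garbage passport data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

const nonceLen = 32

// registration is the body of message 2 from content player 142: a fresh
// random nonce (an addition of this example) plus the registration
// information (name and e-mail address in the patent's claim 12).
type registration struct {
	nonce []byte
	info  []byte
}

// sessionKey derives the AES-256 key both parties use from the registration.
func sessionKey(r registration) []byte {
	h := sha256.New()
	h.Write([]byte("passport-session-v1"))
	h.Write(r.nonce)
	h.Write(r.info)
	return h.Sum(nil)
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// newServerKey stands in for the key pair behind the certificate of
// authentication server 126; message 1 hands the player the bare public key.
func newServerKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// playerRequest builds message 2: nonce || info, RSA-OAEP encrypted to the
// server's public key so only the server can read it.
func playerRequest(serverPub *rsa.PublicKey, regInfo []byte) (registration, []byte, error) {
	reg := registration{nonce: make([]byte, nonceLen), info: regInfo}
	if _, err := rand.Read(reg.nonce); err != nil {
		return registration{}, nil, err
	}
	msg := append(append([]byte{}, reg.nonce...), reg.info...)
	wire, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, serverPub, msg, []byte("registration"))
	return reg, wire, err
}

// serverRespond handles message 2 and produces message 3: iv || ciphertext ||
// tag of the passport information under AES-256-GCM with the derived key.
func serverRespond(serverPriv *rsa.PrivateKey, wire, passportInfo []byte) ([]byte, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, serverPriv, wire, []byte("registration"))
	if err != nil {
		return nil, err
	}
	if len(plain) < nonceLen {
		return nil, fmt.Errorf("registration too short")
	}
	reg := registration{nonce: plain[:nonceLen], info: plain[nonceLen:]}
	// A real server verifies reg.info here before issuing passport information.
	aead, err := gcm(sessionKey(reg))
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	return append(iv, aead.Seal(nil, iv, passportInfo, nil)...), nil
}

// playerReceive decrypts message 3 with the same derived key; a modified
// message or a different registration fails the GCM tag check.
func playerReceive(reg registration, box []byte) ([]byte, error) {
	aead, err := gcm(sessionKey(reg))
	if err != nil {
		return nil, err
	}
	if len(box) < aead.NonceSize() {
		return nil, fmt.Errorf("message too short")
	}
	return aead.Open(nil, box[:aead.NonceSize()], box[aead.NonceSize():], nil)
}
```

Even with the nonce, this session authenticates the server only through its ability to decrypt message 2 and has no forward secrecy: a server private key exposed later reveals every recorded registration and the key derived from it. That is the practical reason the SSL connection of [0134] remains the better default and the simplified session is an alternative, not a replacement.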

[0136] The above description is illustrative only and is not limiting. The present invention is limited only by the claims which follow.

The following is a list of further preferred embodiments of the invention.

[0137]

Embodiment 1. A method for converting content data from machine-bound to user-bound, the method comprising:

(i) binding the content data to one or more hardware devices using one or more binding keys which are related to the one or more hardware devices;

(ii) converting the one or more binding keys to form one or more cleartext keys such that the one or more cleartext keys are independent of the one or more hardware devices; and

(iii) binding the one or more cleartext keys to a user to form one or more user-bound keys.

Embodiment 2. The method of embodiment 1 wherein (iii) binding comprises:

requiring that the user enters a password prior to allowing use of the user-bound keys to access the content data.

Embodiment 3. The method of embodiment 2 wherein (iii) binding further comprises:

encrypting the one or more cleartext keys using the password as an encryption key.

Embodiment 4. The method of embodiment 1 wherein (iii) binding comprises:

encrypting the one or more cleartext keys to form the user-bound keys in a manner which requires that the user provide a decryption key to decrypt the cleartext keys from the user-bound keys to thereby provide access to the content data.

Embodiment 5. The method of embodiment 1 wherein (iii) binding comprises:

associating private information of the user with the content data such that playback of the content data causes display of the private user information.

Embodiment 6. The method of embodiment 1 wherein (i) binding comprises:

encrypting the one or more cleartext keys using hardware identification data as an encryption key to form the one or more binding keys wherein the hardware identification data corresponds to the one or more hardware devices.

Embodiment 7. The method of embodiment 6 wherein (ii) converting comprises:

decrypting the one or more binding keys using the hardware identification data as the encryption key to form the one or more cleartext keys.

Embodiment 8. The method of embodiment 1 further comprising:

determining that a pre-existing data structure binds the user to other content;

wherein (iii) binding includes:

including the user-bound keys as one or more additional keys to the data structure.


Embodiment 9. The method of embodiment 1 wherein (ii) converting and (iii) binding are performed in response to detection of a condition in which the user requests playback of the content data in a system which does not include the one or more hardware devices.

Claims

1. A computer-readable medium having a passport data structure contained thereon to secure digital content, the passport data structure comprising:

a signature algorithm field to specify an algorithm to generate a cryptographic signature to secure the passport information field;

a signature field to store the cryptographic signature;

a passport information field to store data related to the passport data structure's digital content, wherein said passport information field includes a private key to decrypt said cryptographic signature and grant access to the digital content to the passport; and

one or more entity keys to bind the private key, wherein the entity keys are associated with a set of entities.

2. The computer-readable medium of claim 1, wherein at least one of the entities in the set of entities comprises a hardware device.

3. The computer-readable medium of claim 2, wherein the entity key comprises a hardware-based key.

4. The computer-readable medium of claim 3, wherein the hardware-based key is a hardware identifier specific to a hardware device.

5. The computer-readable medium of claim 1, wherein at least one of the entities in the set of entities comprises a user.

6. The computer-readable medium of claim 4, wherein the entity-bound key comprises a user-bound key.

7. The computer-readable medium of claim 5 further comprising:

a set of private user information related to the user to be displayed during playback of data content.

8. The computer-readable medium of claim 5, wherein the user-bound key is a user password.

9. A computer-readable medium having encoded thereon a method executable on a computing device for automatically upgrading content data from machine-bound to user-bound, the method comprising:

binding the content data to a hardware device using a binding key related to the hardware device;

detecting an attempt to playback the content data on a different hardware device;

requesting a user upgrade the content data from machine-bound to user-bound;

upon receipt of a request to upgrade the content data from machine-bound to user-bound, requesting authentication information from the user;

verifying the authentication information; and

generating a user-bound key for the content data.

10. The computer-readable medium of claim 9, wherein the generating comprises:

converting the binding key to form a cleartext key independent of the hardware devices; and

binding the cleartext key to the user to form the user-bound key.

11. The computer-readable medium of claim 10, wherein the binding the cleartext key to a user comprises requesting a user-specified password.

12. The computer-readable medium of claim 9, wherein the authentication information comprises name and email address.

13. The computer-readable medium of claim 9, wherein the method further comprises adding private user information to the content data.

14. The computer-readable medium of claim 13, wherein the private user information comprises credit card information.

15. In a system for securing content data, a method of securing multiple content data files using a passport data structure comprising:

binding a first content data file to a first hardware device using a first binding key related to the first hardware device;

binding a second content data file to a second hardware device using a second binding key related to the second hardware device;

converting the first binding key and the second binding key to form cleartext keys independent of the hardware devices;

adding the cleartext keys to a user-bound passport such that the passport now contains multiple cleartext keys.

16. The method of claim 15, wherein the second hardware device is the same as the first hardware device.

17. The method of claim 15, wherein the adding step comprises binding the cleartext key to a user to form the user-bound key.

18. The computer-readable medium of claim 17, wherein the binding the cleartext key to a user comprises:

requesting a user-specified password; and

binding the user passport using the user-specified password.
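Embodiments 1 through 9 and claims 9 through 18 describe one procedure; the following Go program is an added example of it and is not code from the patent. Each content key enters the passport wrapped with AES-256-GCM under a key derived from the hardware identifier (the machine-bound state of Embodiment 6), is unwrapped with the same identifier (Embodiment 7) and re-wrapped under a key derived from the user's password (Embodiments 2 to 4), while the content itself is never touched. Assumptions of this example: the hardware identifier is an opaque byte string; the password is stretched with PBKDF2-HMAC-SHA256 rather than used directly as the encryption key as Embodiment 3 states; the signature fields of claim 1 and the private user information of Embodiment 5 are omitted; and all identifiers and keys are constructed values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const kdfIters = 100000 // PBKDF2 iteration count chosen for this example

// boundKey is one passport entry: a content key wrapped under a key derived from
// the hardware identifier (machine-bound) or from the user's password (user-bound).
type boundKey struct {
	contentID string
	userBound bool
	salt      []byte // PBKDF2 salt, set only for user-bound entries
	wrapped   []byte // AES-256-GCM output: iv || ciphertext || tag
}

// hardwareKey derives the wrapping key from hardware identification data (Embodiment 6).
func hardwareKey(hardwareID []byte) []byte {
	h := sha256.Sum256(append([]byte("hw-binding-v1:"), hardwareID...))
	return h[:]
}

// passwordKey is PBKDF2-HMAC-SHA256 for one 32-byte block, standard library only.
func passwordKey(password, salt []byte, iters int) []byte {
	mac := hmac.New(sha256.New, password)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1): block index
	u := mac.Sum(nil)
	out := append([]byte(nil), u...)
	for i := 1; i < iters; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range out {
			out[j] ^= u[j]
		}
	}
	return out
}

func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	return cipher.NewGCM(block)
}

// wrapKey and unwrapKey: AES-256-GCM under a wrapping key (kek); a wrong kek fails the tag check.
func wrapKey(kek, contentKey []byte) ([]byte, error) {
	aead, err := gcm(kek)
	if err != nil { return nil, err }
	iv := make([]byte, aead.NonceSize())
	if _, err := rand.Read(iv); err != nil { return nil, err }
	return append(iv, aead.Seal(nil, iv, contentKey, nil)...), nil
}

func unwrapKey(kek, wrapped []byte) ([]byte, error) {
	aead, err := gcm(kek)
	if err != nil { return nil, err }
	if len(wrapped) < aead.NonceSize() { return nil, fmt.Errorf("wrapped key too short") }
	return aead.Open(nil, wrapped[:aead.NonceSize()], wrapped[aead.NonceSize():], nil)
}

// bindToMachine is step (i): the content key is wrapped under the hardware key; the
// content itself is never touched.
func bindToMachine(contentID string, contentKey, hardwareID []byte) (boundKey, error) {
	w, err := wrapKey(hardwareKey(hardwareID), contentKey)
	return boundKey{contentID: contentID, wrapped: w}, err
}

// unwrapEntry models playback: a machine-bound entry opens only with the identifier it
// was bound to (Embodiment 7); a user-bound entry opens with the password (Embodiment 4).
func unwrapEntry(e boundKey, hardwareID, password []byte) ([]byte, error) {
	if e.userBound {
		return unwrapKey(passwordKey(password, e.salt, kdfIters), e.wrapped)
	}
	return unwrapKey(hardwareKey(hardwareID), e.wrapped)
}

// upgradeToUser is steps (ii) and (iii) for every machine-bound entry: unwrap with the old
// machine's key and re-wrap under a password-derived key with a fresh salt. Entries already
// user-bound are kept (Embodiment 8); if any unwrap fails the passport is left unchanged.
func upgradeToUser(keys []boundKey, hardwareID, password []byte) error {
	upgraded := append([]boundKey(nil), keys...)
	for i, e := range keys {
		if e.userBound {
			continue
		}
		plainKey, err := unwrapKey(hardwareKey(hardwareID), e.wrapped)
		if err != nil {
			return fmt.Errorf("%s: not bound to this machine: %w", e.contentID, err)
		}
		salt := make([]byte, 16)
		if _, err := rand.Read(salt); err != nil { return err }
		w, err := wrapKey(passwordKey(password, salt, kdfIters), plainKey)
		if err != nil { return err }
		upgraded[i] = boundKey{contentID: e.contentID, userBound: true, salt: salt, wrapped: w}
	}
	copy(keys, upgraded)
	return nil
}
```

upgradeToUser requires that every machine-bound entry be bound to the identifier it is given and rewrites nothing if one is not, so a passport holding keys bound to several devices (claim 15) needs each device's identifier in turn. A wrong password on a user-bound entry fails the GCM tag check rather than yielding garbage, which is what makes the password requirement of Embodiment 2 enforceable offline; the same property lets anyone holding the passport test candidate passwords offline, which is why the key is derived with an iterated KDF and a per-entry salt rather than used directly.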